author | Remi Gacogne <rgacogne@archlinux.org> | 2024-04-03 17:11:25 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2024-08-02 00:39:45 +0000 |
commit | cf473bcfbd275044250fa6ce3703dd7059a52273 (patch) | |
tree | adb0c7ddb47d3c0e27ec2b9dd5f96c93b4fb95f0 | |
parent | f142df92c7b85065d503d8a11cd295cc93d78a6d (diff) |
Ensure that the download process cannot get new privileges
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
-rw-r--r-- | lib/libalpm/sandbox.c | 9 | ||||
-rw-r--r-- | meson.build | 1 |
2 files changed, 10 insertions, 0 deletions
diff --git a/lib/libalpm/sandbox.c b/lib/libalpm/sandbox.c
index 7650c119..1e96dc00 100644
--- a/lib/libalpm/sandbox.c
+++ b/lib/libalpm/sandbox.c
@@ -17,9 +17,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "config.h"
+
 #include <errno.h>
 #include <grp.h>
 #include <pwd.h>
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif /* HAVE_SYS_PRCTL_H */
 #include <sys/types.h>
 #include <unistd.h>
 
@@ -40,6 +45,10 @@ int SYMEXPORT alpm_sandbox_setup_child(alpm_handle_t *handle, const char* sandbo
 	if(sandbox_path != NULL && !handle->disable_sandbox) {
 		_alpm_sandbox_fs_restrict_writes_to(handle, sandbox_path);
 	}
+#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_NO_NEW_PRIVS)
+	/* make sure that we cannot gain more privileges later, failure is fine */
+	prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+#endif /* HAVE_SYS_PRCTL && PR_SET_NO_NEW_PRIVS */
 	if(restrict_syscalls && !handle->disable_sandbox) {
 		_alpm_sandbox_syscalls_filter(handle);
 	}
diff --git a/meson.build b/meson.build
index e48120e8..e8f502b7 100644
--- a/meson.build
+++ b/meson.build
@@ -132,6 +132,7 @@ foreach header : [
 	'sys/mnttab.h',
 	'sys/mount.h',
 	'sys/param.h',
+	'sys/prctl.h',
 	'sys/statvfs.h',
 	'sys/types.h',
 	'sys/ucred.h',
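Review bot: The new `prctl(PR_SET_NO_NEW_PRIVS, ...)` call in `alpm_sandbox_setup_child` is placed before `_alpm_sandbox_syscalls_filter(handle)`, and that ordering is load-bearing: a process without CAP_SYS_ADMIN can only install a seccomp filter once no_new_privs is set, so the comment should say so rather than only "failure is fine", e.g. `/* must precede the seccomp filter: an unprivileged process can only install one once no_new_privs is set; failure here is tolerated */`. Unlike the two neighbouring steps, this call is not gated on `!handle->disable_sandbox`, which looks deliberate (no_new_privs is harmless on its own) but deserves a one-line note so nobody "fixes" it later. The closing `#endif /* HAVE_SYS_PRCTL && PR_SET_NO_NEW_PRIVS */` names `HAVE_SYS_PRCTL` while the guard tests `HAVE_SYS_PRCTL_H`; align the comment with the macro. The body of `alpm_sandbox_setup_child` starts and ends outside this hunk.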